Privacy Policy

Last updated: 15 April 2026

This Privacy Policy explains how Kintsu (“we”, “us”, “the app”) collects, uses, and protects your personal data when you use the Kintsu mobile application and this website (kintsu.ink).

We aim to collect as little data as possible, and only what we need to run the app, keep it secure, and comply with the law. If anything in this policy is unclear, email us at privacy@kintsu.ink.

1. Who we are

Kintsu is an independent mobile application. For the purposes of the UK GDPR and EU GDPR, the data controller is Eugenio Lecci, an individual based in the United Kingdom, contactable at privacy@kintsu.ink.

We are not required to appoint a Data Protection Officer under Article 37 of the UK GDPR.

2. What data we collect and why

2.1 Account data

When you create an account, we collect:

• Email address — used to sign you in and to send essential account notifications (for example, password resets).
• Username — a display name you choose. It does not have to be your real name.

If you use the app without creating an account (anonymous mode), we create an anonymous session identifier so your saved content and preferences persist on your device. This identifier is not linked to any personal detail.

2.2 App content

The app stores the following content you generate inside it on our servers:

• Saved quotes — the quotes you save to your personal Sanctuary.
• Quotes already shown to you — a lightweight record of which quotes your feed has already served, so it does not repeat them until you have seen everything available. Reset automatically when you have seen every quote in the deck.
• Interactions — which quotes you have marked as liked or dismissed, so the feed stops showing you ones you do not want.
• Oracle prompts and outputs — when you use the Oracle feature to generate an AI aphorism, the prompt you enter and the resulting text are stored against your account so you can revisit them.
• Entitlements — whether you have an active subscription or an ad-unlock, so the app knows what to show you.

2.3 Diagnostic data

To keep the app working, we collect:

• Error reports — if the app crashes or hits an error, we record the error type, a short breadcrumb of recent actions, the app version, and a pseudonymous user identifier. We do not log the contents of your quotes or Oracle prompts in error reports.
• Basic app events — a small number of technical events, including app open / foreground / background lifecycle transitions, ad-watch outcomes (rewarded, dismissed, not ready), and Oracle generation requests, so we can tell whether core features are working. We do not record session replays, capture screen content, or track your scrolling, reading time, or individual screen views beyond what is needed to diagnose a support issue.

2.4 Advertising data

Kintsu shows occasional rewarded video ads to unlock features. When you choose to watch an ad, the Google AdMob SDK may collect:

• Your device’s Advertising ID
• Device type, OS version, and language
• IP address (used for approximate geolocation and fraud prevention)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we ask for your consent before any personalised ads are shown, using Google’s User Messaging Platform (UMP). You can withdraw or change this consent at any time from Settings → Privacy → Manage ad preferences in the app.

2.5 Purchase data

If you buy a subscription or other paid feature, the purchase is handled by Google Play Billing. We receive a purchase token from Google so we can grant you the feature you bought, but we do not see your card details, billing address, or Google account. Receipt validation is handled by RevenueCat on our behalf.

2.6 On-device data (not sent to our servers)

Some information stays on your device and is never sent to us:

• App preferences — your theme, font scale, and notification toggles are stored locally using Android’s standard SharedPreferences store. If you uninstall the app or clear its storage, these settings are lost.
• Anonymous session identifier — if you use the app without creating an account, the anonymous identifier described in section 2.1 lives on your device and is not linked to any personal detail.

3. Who we share data with

We use the following third-party processors. Each one only receives the data it needs to do its job. We do not sell your personal data.

• Supabase (AWS eu-west, Ireland) — authentication and database hosting. Receives your account data, app content, and Oracle prompts and outputs.
• Groq (United States) — AI model inference for the Oracle feature. Receives the text of the prompt you submit, via our backend, in order to generate an aphorism. Groq does not receive your email, username, or Supabase user ID.
• PostHog (United States) — error reporting and basic app events. Receives diagnostic data and a pseudonymous user identifier.
• Google AdMob (global) — serves rewarded ads. Receives advertising data as described in section 2.4.
• RevenueCat (United States) — manages subscription purchases and entitlements. Receives a pseudonymous user identifier and the purchase token returned by Google Play.
• Google Play (global) — distributes the app and processes in-app purchases.
• Cloudflare (global) — hosts this website and routes email sent to privacy@kintsu.ink and hello@kintsu.ink.

4. Legal basis for processing (UK / EU GDPR)

• Contract — creating and running your account, storing your saved content, and processing subscription purchases.
• Legitimate interest — diagnosing errors, preventing abuse, and making sure the app works. We have weighed this against your privacy and believe the minimal data we collect is proportionate.
• Consent — personalised advertising in the EEA, UK, and Switzerland, where we ask you through the Google UMP dialog.
• Legal obligation — if you make a purchase, we may retain basic transaction records for as long as tax and accounting law requires.

5. How long we keep your data

• Account data and app content — kept until you delete your account. When you tap Settings → Delete Account Permanently, we delete your account and all of the user-linked records described in section 2.2 — saved quotes, your already-seen quote history, interactions, Oracle prompts and outputs, and entitlements. Deletion is permanent.
• Anonymous sessions — kept on your device until you clear app storage or uninstall.
• Error reports — retained by PostHog for up to 90 days, then purged.
• Advertising data — retained by Google AdMob according to their own policy, which you can review at the link in section 3.
• Purchase records — retained for as long as UK tax and accounting law requires (currently six years).

6. Your rights

Under the UK GDPR and EU GDPR you have the right to:

• Access — ask us for a copy of the data we hold about you.
• Rectification — ask us to correct data that is wrong or out of date.
• Erasure — delete your account yourself in-app, or email us and we will do it.
• Portability — ask us to export your saved content in a machine-readable format.
• Object — object to processing based on our legitimate interests.
• Withdraw consent — change your ad preferences at any time from the in-app Settings.
• Complain — if you think we have mishandled your data, you can complain to the UK Information Commissioner’s Office at ico.org.uk or your national data protection authority.

To exercise any of these rights, email privacy@kintsu.ink. We will respond within one month.

7. International transfers

Your data may be transferred outside the UK and EEA — specifically to the United States (PostHog, Groq, Google AdMob, RevenueCat). Where that happens, we rely on the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, which are the transfer mechanisms approved by the UK Information Commissioner’s Office for post-Brexit data flows to countries without an adequacy decision.

8. Children

Kintsu is not directed at children under 13, or the minimum age for data-processing consent in your country where that is higher (for example, 16 in most EEA countries). We do not knowingly collect data from children. If you believe a child has created an account, email privacy@kintsu.ink and we will delete it.

9. Security

We use HTTPS for all traffic, store session tokens in your device’s secure storage (Android Keystore / iOS Keychain), and rely on Supabase row-level security policies so users can only read and write their own data. No system is perfectly secure, but we take reasonable and proportionate measures to protect your information.

10. Changes to this policy

We may update this policy as the app changes. When we do, we will update the “Last updated” date at the top of this page. Material changes will be notified in-app.

11. Contact

Questions, requests, or complaints: privacy@kintsu.ink.